diff options
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7222-pt2.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-7222-pt2.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7222-pt2.patch b/gnu/packages/patches/icecat-CVE-2015-7222-pt2.patch new file mode 100644 index 0000000000..688d7f903f --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-7222-pt2.patch @@ -0,0 +1,34 @@ +From 63c353cf8ec6b787936f602532026bd9923a16e4 Mon Sep 17 00:00:00 2001 +From: Gerald Squelart <gsquelart@mozilla.com> +Date: Wed, 9 Dec 2015 10:00:13 +0100 +Subject: [PATCH] Bug 1216748 - p3. Ensure 'covr' data size cannot create + underflow - r=rillian, a=sylvestre + +--- + .../frameworks/av/media/libstagefright/MPEG4Extractor.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp +index c6aaf1d..a69fc14 100644 +--- a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp ++++ b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp +@@ -1889,12 +1889,15 @@ status_t MPEG4Extractor::parseChunk(off64_t *offset, int depth) { + if (mFileMetaData != NULL) { + ALOGV("chunk_data_size = %lld and data_offset = %lld", + chunk_data_size, data_offset); ++ const int kSkipBytesOfDataBox = 16; ++ if (chunk_data_size <= kSkipBytesOfDataBox) { ++ return ERROR_MALFORMED; ++ } + sp<ABuffer> buffer = new ABuffer(chunk_data_size + 1); + if (mDataSource->readAt( + data_offset, buffer->data(), chunk_data_size) != (ssize_t)chunk_data_size) { + return ERROR_IO; + } +- const int kSkipBytesOfDataBox = 16; + mFileMetaData->setData( + kKeyAlbumArt, MetaData::TYPE_NONE, + buffer->data() + kSkipBytesOfDataBox, chunk_data_size - kSkipBytesOfDataBox); +-- +2.6.3 + |